GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  NDPMON (8)

NAME

ndpmon - Neighbor Discovery Protocol Monitor

CONTENTS

Synopsis
Description
Files
Author
Bugs

SYNOPSIS

ndpmon [ -i interfacename ] [ -f configfile ] [ -d dtd_file ] [ -F filter ]    
[ -n number ] [ -L ] [ -v ] [ -h ] [ -d dtd_file ]    
[ -g neighbor_file ]

DESCRIPTION

NDPMon is a monitoring software for ipv6 Neighbor Discovery. It syslogs activity and reports by email malicious ND message. NDPMon uses libpcap to listen for icmp6 packets and libxml2 to use configuration and neighbor cache files.

The -i flag is used to change the default interface eth0.

The -f flag is used to change the path of the configuration file. The default is /usr/local/etc/config_ndpmon.xml

The -e flag is used to change the path to the DTD file for the configuration file. The default is /usr/local/share/ndpmon/config_ndpmon.dtd

The -n flag uses libpcap to specify a limited number of packet to capture.

The -F flag allows to change the default icmp6 filter.

The -L flag is used to disable syslog and mail reports. This is used to do a learning phase and constitue the neighbor cache.

The -v is used to enable the DEBUG mode.

The -d flag is used to change the path to the DTD file for the neighbor cache. The default is /usr/local/share/ndpmon/neighbor_list.dtd

The -g flag is used to change the path to the neighbor cache. The default is /usr/local/var/ndpmon/ndpmon_neighbor_list.xml

Note that an empty neighbor_cache.xml file must be created before the first time you run ndpmon.

NDPMon must be run with root rights to work.

REPORT MESSAGES

Here’s the list of the report messages generated by ndpmon:
wrong couple MAC/IP
  Separately, the MAC and IP addresses are valid, but not as a couple.
wrong router mac
  The ethernet address of the RA message is not specified in the configuration file.
wrong router ip
  The ip address of the RA message is not specified in the configuration file.
wrong prefix
  The prefix announced in the RA message is not specified in the configuration file.
wrong router redirect
  The RD message does’nt come from a router specified in the configuration file.
NA router flag
  The NA specifies a router but isn’t one according to the configuration file.
DAD DOS
  The NA answer to NS to avoid it to get an ip address.
changed ethernet address
  The host switched to a new ethernet address.
flip flop
  The ethernet address has changed from the most recently seen address to the second most recently seen address.
reused old ethernet address
  The ethernet address has changed from the most recently seen address to the third (or greater) least recently seen address.

SYSLOG MESSAGES

Here are some of the syslog messages; note that messages that are reported are also sysloged.
new activity
  This ethernet/ip6 address pair has been announced for last time two months or more.
new station
  The ethernet address has not been seen before on the link.
ethernet broadcast
  The mac ethernet address of the host is a broadcast address.
ip broadcast
  The ip address of the host is a broadcast address.
bogon The source ip address is not local to the local subnet.
ethernet mismatch
  The source mac ethernet address didn’t match the address announced in option of the ND message.

FILES

config_ndpmon.xml - contains settings which must be fill by the administrator
neighbor_list.xml - neighbor cache: all neighbors known to be on the link





SEE ALSO

arpwatch(8) ipv6(7), pcap(3), libxml(3).

AUTHOR

Thibault Cholez and Frederic Beck for MADYNES Project, Loria, Fr.

BUGS

Please send bug reports to frederic.beck@loria.fr
  or thibault.cholez@esial.uhp-nancy.fr
Search for    or go to Top of page |  Section 8 |  Main Index


--> NDPMON (8) November 2006

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.